Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hash Algorithms.

Published by锅 邓 Modified over 7 years ago

Similar presentations

Presentation on theme: "Hash Algorithms."— Presentation transcript:

1 Hash Algorithms

2 Hash Algorithms Driven by the slowness of RSA in signing a message. The idea was to create (relatively fast) a digest of a message and sign that. This was the origin of MD and MD2 algorithms by Ron Rivest In 1989. Merkle developed SNEFRU in It was many times faster than MD2. This prompted Rivest in 1990 to create MD4 which exploited microprocessor operations on newer chips. SNEFRU was cracked in 1992 by Shamir. A variant of MD4 was cracked in 1991. MD5 nervously rolled out in 1992. MD4 was severly cracked in 1995. In the 2000s: can create two files with the same hash, can fake SSL certificate validity – MD5 no longer recommended.

3 Hash Algorithms SHA-1 (Secure Hash Algorithm) NSA (1995)
Successor to and replacement for MD5 Used in IPSec, SSL, TLS, PGP, SSH, and more (shows up in Java) Required by US government crypto applications Also: SHA-256, SHA-512, SHA-384, SHA-224 (SHA-2 – 2002) SHA-224 has digest length to match 2-3DES keys Takes digest of up to 264 bit messages – digest size is 160 bits August, 2005: attack announced – find collisions in fewer than 263 operations (should have been 280 – square root of 2160) Operates in stages – each stage mangles the pre-stage message by a sequence of operations based on current message block

4 Hash Algorithms

5 SHA-1 Algorithm ... Pre-process the message – pad and end with size:
Message – 512 bit block Message 1 0000 size One bit of '1' following message Pad with 0's to within 64 bits of end of block Last 64 bits of last block get the size of the message in bits

6 ... SHA-1 Algorithm Break block into 16 32 bit words: 512 bit block

7 ... SHA-1 Algorithm Break block into 16 32 bit words:
512 bit block 32 bit words W0 W1 W2 ... W15 Extend to bit words (2560 bits): for t from 16 to 79 Wt = (Wt-3 ⊕ Wt-8 ⊕ Wt-14 ⊕ Wt-16) <<< 1

8 SHA-1 Algorithm Define variables A=0x67452301,B =0xEFCDAB89,
C =0x98BADCFE,D =0x , E =0xC3D2E1F0 Define F and Kt according to round: Rounds 1 to 20: F = (B ∧ C) ∨ (¬B ∧ D) Kt = 0x5A sqrt(2) Rounds 21 to 40: F = (B ⊕ C ⊕ D) Kt = 0x6ED9EBA sqrt(3) Rounds 41 to 60: F = (B ∧ C) ∨ (B ∧ D) ∨ (C ∧ D) Kt = 0x8F1BBCDC sqrt(5) Rounds 61 to 80: F = (B ⊕ C ⊕ D) Kt = 0xCA62C1D sqrt(10)

9 SHA-1 Algorithm Last round: 160 bit block A-E is the digest
(5 32 bit words) temp = (A <<<5) + F + E + Kt + wt E = D D = C C = B <<<30 B = A A = temp

10 SHA-1 Algorithm Finally, update the 160 bit hash: H1 += A H2 += B
H3 += C H4 += D H5 += E

11 SHA-256 Algorithm //Initialize variables
// First 32 bits of fractional part of the square // roots of the first 8 primes h0 = 0x6a09e667 h1 = 0xbb67ae85 h2 = 0x3c6ef372 h3 = 0xa54ff53a h4 = 0x510e527f h5 = 0x9b05688c h6 = 0x1f83d9ab h7 = 0x5be0cd19

12 SHA-256 Algorithm //Initialize table of round constants:
// First 32 bits of the fractional part of the cube // roots of the first 64 primes K1 – K64 = 0x428a2f98, 0x , 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x , 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd , 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

13 SHA-256 Algorithm Same pre-processing, same initialization of W1 - W15
//Extend the bit words into bit words: for t from 16 to 63 s0 = (Wi-15 >>>7)⊕(Wi-15 >>>18)⊕(Wi-15 >>3) s1 = (Wi-2 >>>17)⊕(Wi-2 >>>19)⊕(Wi-2 >>10) Wi = Wi-16 + s0 + Wi-7 + s1

14 SHA-256 Algorithm Same pre-processing, same initialization of W1 - W15
//Extend the bit words into bit words: for t from 16 to 63 s0 = (Wi-15 >>>7)⊕(Wi-15 >>>18)⊕(Wi-15 >>3) s1 = (Wi-2 >>>17)⊕(Wi-2 >>>19)⊕(Wi-2 >>10) Wt = Wi-16 + s0 + Wi-7 + s1 //Initialize hash value for this chunk: A = h0 B = h1 C = h2 D = h3 E = h4 F = h5 G = h6 H = h7

15 SHA-256 Algorithm Same pre-processing, same initialization of W1 - W15
//Main loop: for t from 0 to 63 s0 = (A >>>2)⊕(A >>>13)⊕(A >>>22) maj = (A ∧ B) ∨ (B ∧ C) ∨ (C ∧ A) t0 = s0 + maj s1 = (E >>>6)⊕(E >>>11)⊕(E >>>25) ch = (E ∧ F) ∨ (¬E ∧ G) t1 = H + s1 + ch + Kt + Wt H = G G = F F = E E = D + t1 D = C C = B B = A A = t0 + t1

16 SHA-256 Algorithm h0 := h0 + A h1 := h1 + B h2 := h2 + C h3 := h3 + D
//Add this chunk's hash to result so far: h0 := h0 + A h1 := h1 + B h2 := h2 + C h3 := h3 + D h4 := h4 + E h5 := h5 + F h6 := h6 + G h7 := h7 + H //Output the final hash value (big-endian): digest = hash = h0 || h1 || h2 || h3 || h4 || h5 || h6 || h7

17 Types of Attack on Hashes
1. Preimage – An attacker has an output and finds an input that hashes to that output 2. Collision – An attacker finds two inputs that hash to the same output

18 Hash Algorithms SHA-3 Competition (2007-present)
Semi-finalists: Blake (Israel), GrØstl (Austria) , Luffa (Hitachi), Blue midnight wish (Norway), Hamsi (Belgium), Shabal (Europe), CubeHash (USA), JH (China?), SHAvite-3 (Israel, France), ECHO (France), Keccak (Dutch), SIMD (Germany?), Fugue (IBM), Skein (USA – Schneier and others) Finalists: Blake, GrØstl, JH, Keccak, Skein Winner to be decided next year Did not make the first cut: MD6 (MIT) + 10 others Broken Entries: 31

Download ppt "Hash Algorithms."

Similar presentations

SECURE HASHING ALGORITHM By: Ruth Betcher. Purpose: Authentication Not Encryption Authentication Requirements:  Masquerade – Insertion of message from.

SECURE HASHING ALGORITHM By: Ruth Betcher. Purpose: Authentication Not Encryption Authentication Requirements:  Masquerade – Insertion of message from.
SHA-1 collision found Lukáš Miňo, Richard Bartuš.

SHA-1 collision found Lukáš Miňo, Richard Bartuš.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
MD Collision Sought Marian Ščerbák University of Pavol Jozef Šafárik Košice.

MD Collision Sought Marian Ščerbák University of Pavol Jozef Šafárik Košice.
Hashing Algorithms: SHA-3 CSCI 5857: Encoding and Encryption.

Hashing Algorithms: SHA-3 CSCI 5857: Encoding and Encryption.
Your Security in the IT Market www.i.cz Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.

Your Security in the IT Market Hash Function Design: Overview of the basic components in SHA-3 competition Daniel Joščák, S.ICZ a.s. & MFF UK.
MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.

MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.
MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.

MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.
MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.

MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.
MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.

MD5 Generation Auto-Generated Slides To Visualize MD5 Hash Generation by Chris Fremgen.
Towards SHA-3 Christian Rechberger, KU Leuven. Fundamental questions in CS theory Do oneway functions exist? Do collision-intractable functions exist?

Towards SHA-3 Christian Rechberger, KU Leuven. Fundamental questions in CS theory Do oneway functions exist? Do collision-intractable functions exist?
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Module 4 Hash Functions Highline Community College Seattle University University of Washington in conjunction with the National Science Foundation.

Module 4 Hash Functions Highline Community College Seattle University University of Washington in conjunction with the National Science Foundation.
CS470, A.SelcukHash Functions1 Cryptographic Hash Functions CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukHash Functions1 Cryptographic Hash Functions CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)

1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
Team Grey Skies – Pete Biancaniello and Anton Schraut January 18 th, 2012.

Team Grey Skies – Pete Biancaniello and Anton Schraut January 18 th, 2012.

Similar presentations

Ads by Google